blog.minskio.co.uk

Content and theme behind minskio.co.uk

oracle-alpine-linux-arm-server.md (7429B)


      1 ---
      2 title: "Oracle Alpine Linux ARM server"
      3 date: 2022-02-16T18:59:00
      4 lastmod: 2022-03-08T12:03:00
      5 tags: ["Guides", "Linux", "Networks", "Servers", "Software"]
      6 ---
      7 
      8 After finding a post about [creating a minecraft server in bash](https://sdomi.pl/weblog/15-witchcraft-minecraft-server-in-bash/) on Reddit I started reading through the rest of [sdomi's blog](https://sdomi.pl/weblog/) and [one post in particular](https://sdomi.pl/weblog/12-bootstrapping-alpine-on-oraclecloud/) caught my eye. It details running an aarch64 version of Alpine Linux on a free tier Oracle Cloud server. Now this combination of words ticks pretty much every box I have going. While the guide is a little brief on details it works great and offers some suggestions at the end I'd like to build upon. So without further ado, let's go.
      9 
     10 ## Initial Instance
     11 
     12 After creating your account, create your compute instance. While creating this, change the following under 'Image and shape':
     13 * Change the Image to 'Oracle Linux version 7.9' (correct at time of writing)
     14 * Change the Shape to be 'Ampere, Arm-based processor'
     15 
     16 I uploaded my own public key, but you can also download pre-generated ones. All the other defaults are fine. Click create and wait the five or so minutes for the instance to be created.
     17 
     18 Once created, log in via the 'Public IP address' on the instance details page, using your SSH private key with the username `opc`. With this, you should be logged in and you can elevate to root using `sudo su -`.
     19 
     20 Now [follow the rest of the guide](https://sdomi.pl/weblog/12-bootstrapping-alpine-on-oraclecloud/) and reboot into your newly installed Alpine VM.
     21 
     22 ## Upgrading to Edge
     23 
     24 The first thing I did once rebooted was upgrading from version `3.13` of Alpine to the latest `edge` version. This is entirely optional, but I prefer to run the latest versions of applications where possible.
     25 To do this, edit your repositories file:
     26 ```
     27 vi /etc/apk/repositories
     28 ```
     29 Replace any references to `v3.13` with `edge`, then run the following to update:
     30 ```
     31 apk --update upgrade
     32 ```
     33 Reboot again, and you should be running the latest version. Feel free to add any additional packages using `apk --update add neofetch neovim` etc.
     34 
     35 
     36 ## Fixing sda1
     37 
     38 The bootstrap script doesn't specify any mount options for `/dev/sda1`, so every time you issue `mount -a` it gives an error because the dump value is parsed as the options field instead. This is really easily fixed by replacing the `/dev/sda1	/boot/efi	vfat	0	0` line with `/dev/sda1	/boot/efi	vfat	auto	0	0` in `/etc/fstab`. Now the error is gone.
     39 
     40 ## Shuffling Partitions
     41 
     42 As mentioned in the guide, Alpine is currently installed on the /old/ swap `/dev/sda2` partition. You can now delete your old Oracle partition to regain some 40GB of space.
     43 
     44 ```
     45 fdisk /dev/sda
     46 p
     47 d
     48 3
     49 w
     50 ```
     51 Which should (remember to read the printed output!) delete the old XFS Oracle partition.
     52 
     53 While we're here, you can also change the partition type on `/dev/sda2` from Linux Swap to Linux Filesystem:
     54 ```
     55 fdisk /dev/sda
     56 t
     57 2
     58 linux
     59 w
     60 ```
     61 
     62 You can now write your changes with `w` and quit with `q`.
     63 
     64 For the next stage, we need to expand the size of our Alpine ext4 partition.
     65 ```
     66 apk add parted
     67 parted /dev/sda
     68 p
     69 resizepart
     70 2
     71 yes
     72 100%
     73 quit
     74 ```
     75 
     76 With the partition size now increased, you can uninstall parted with `apk del parted` and actually go about resizing the filesystem, using the following command: `resize2fs /dev/sda2`.
     77 Once completed, reboot again and check your partitions using `fdisk -l`.
     78 
     79 ## Securing SSH
     80 
     81 As mentioned in the guide, all the above remote work was done using password authentication which we're not a fan of in the long term. I did this from my *other* server for easy access to my SSH keys:
     82 ```
     83 ssh-copy-id -i your_ssh_key.pub root@server.ip.address
     84 ```
     85 Verify your `.ssh/authorized_keys` file looks correct, and ensure you can connect using SSH and public key authentication. If this works, you can now disable password authentication with the following:
     86 ```
     87 nvim /etc/ssh/sshd_config
     88 ```
     89 Search for the `#PasswordAuthentication yes` line, uncomment it and change the value to `no`. Here you can also change the port SSH listens on, predictably with the `Port 22` line; if you do change it, be sure to check the Firewall section.
     90 
     91 Once you're done, save the file and restart the SSH daemon using `rc-service sshd restart`.
     92 
     93 Congratulations, you've now (reasonably) secured your SSH server. You can also go one step above with this and disallow root logins, and create a new non-root user, but that's outside the scope of this guide.
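
A check worth running after the edit, as an added example that is not part of the original post: sshd uses the first value it reads for each keyword, so a `PasswordAuthentication no` placed below an existing `yes` has no effect. The function names and the sample config are constructed for illustration; `Include` files and `Match` blocks are not resolved.

```shell
#!/bin/sh
# Added example, not from the original post.
# effective_sshd_option FILE KEYWORD DEFAULT
# Prints the value sshd would use globally: the FIRST occurrence before any
# Match block, or DEFAULT when the keyword is absent or commented out.
effective_sshd_option() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); value = def }
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # leading indentation
            n = match(line, /[ \t=]/)             # keyword ends at space or "="
            key = tolower(n ? substr(line, 1, n - 1) : line)
            rest = n ? substr(line, n) : ""
            sub(/^[ \t]*=?[ \t]*/, "", rest)      # drop the separator
            split(rest, arg, /[ \t]+/)
            if (key == "match") exit              # everything below is conditional
            if (key == want) { value = arg[1]; exit }   # first occurrence wins
        }
        END { print value }
    ' "$1"
}

# password_auth_disabled FILE: true only when the global value is "no".
password_auth_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication yes)" = "no" ]
}

# Constructed sample: "no" was appended below a line that already said "yes".
sample=$(mktemp)
printf '%s\n' '#PasswordAuthentication yes' 'Port 2222' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$sample"
if password_auth_disabled "$sample"; then
    echo "password logins disabled"
else
    echo "password logins still enabled (first value wins)"
fi
echo "port: $(effective_sshd_option "$sample" Port 22)"
rm -f "$sample"
```

On the server itself, `sshd -t` validates the file before `rc-service sshd restart`, and `sshd -T` prints the fully resolved configuration.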
     94 
     95 ## Swap
     96 One last thing that needs attention is that during the installation of Alpine we used the 8GB swap partition as our root. Without going into re-partitioning we can simply create a new swap file of whatever size is required (in this example, I'm using 2GB). To do this, simply do the following:
     97 ```
     98 dd if=/dev/zero of=/swap bs=1M count=2048
     99 chmod 0600 /swap
    100 mkswap /swap
    101 swapon /swap
    102 ```
    103 You can now check swap status using `free -h`. To automatically mount this swap file on boot, add the following line at the end of your `/etc/fstab` file:
    104 ```
    105 /swap none swap sw 0 0
    106 ```
    107 
    108 ## Firewall
    109 Again, as mentioned in the excellent guide, all ports except tcp/22 are blocked by default. If you'd like these opening, in your Oracle account go to Networking > Virtual Cloud Networks > vcn-creationdate-time > Security Lists > Default Security List > Ingress Rules.
    110 Here, delete the 3 existing rules (if you'd like to respond to ICMP packets), then create a new rule with the following details:
    111 
    112 * Stateless: No
    113 * Source Type: CIDR
    114 * Source CIDR: 0.0.0.0/0
    115 * IP Protocol: All Protocols
    116 
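    117 Once saved, you should be able to access anything you're hosting as you'd expect. Note that this rule allows all inbound traffic from any address, so the security list no longer filters anything and any restriction has to be enforced on the instance itself.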
    118 
    119 ## Changing Shells
    120 Lastly, I quite like the fish shell (hate all you want), but the `chsh` utility is missing, so to change your shell you need to manually edit your `/etc/passwd` file, replacing `/bin/ash` with `/usr/bin/fish` or whatever other shell you'd like to use.
    121 
    122 ## Supporting Ansible
    123 I'm looking at managing my servers with Ansible. The requirements here are somewhat simple: all you need is a Python binary, which can be installed via:
    124 ```
    125 apk add python3
    126 ```
    127 
    128 ## Block Storage
    129 Much like [Hetzner](/manually-formatting-mounting-and-using-hetzner-volumes/), Oracle also offer Block Storage with the added bonus of being free. I decided to opt for the 4 OCPU/24GB instance and then use my remaining 150GB block storage creating a storage volume. When creating this there are a few things to note:
    130 * Ensure the availability domain is the same between instance and block storage
    131 * When you're attaching the volume to the instance, use *paravirtualized* instead of iSCSI
    132 
    133 Now, you can check your storage is available by issuing `lsblk`, your disk should be listed as `/dev/sdb`. To start using this storage you can do the following:
    134 ```
    135 fdisk /dev/sdb
    136 n
    137 {enter}
    138 {enter}
    139 {enter}
    140 {enter}
    141 w
    142 ```
    143 This should give us a new partition to use. We can now format it to ext4 with:
    144 ```
    145 mkfs.ext4 /dev/sdb1
    146 ```
    147 We can also reduce the reserved space on this partition, giving us a little more breathing room:
    148 ```
    149 tune2fs -m1 /dev/sdb1
    150 ```
    151 All that's left now is to edit `/etc/fstab` and add an entry like the following:
    152 ```
    153 /dev/sdb1       /mnt/tank       ext4    rw,nofail	0	0
    154 ```
    155 You can now mount everything using `mount -a`, and you're done.
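
A quick check to run before that final `mount -a`, as an added example that is not part of the original post: it flags the mistake described under "Fixing sda1", where a numeric dump value lands in the options column. The function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# fstab_lint FILE: reports entries whose fourth (options) field is missing or
# purely numeric, which is what a forgotten options column looks like.
# Returns non-zero if anything was reported.
fstab_lint() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        NF < 4 {
            printf "line %d: %s has %d fields, options column missing\n", NR, $1, NF
            bad = 1; next
        }
        $4 ~ /^[0-9]+$/ {
            printf "line %d: %s uses \"%s\" as mount options\n", NR, $1, $4
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the unfixed sda1 entry plus the two lines added in this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 /boot/efi vfat 0 0
/swap none swap sw 0 0
/dev/sdb1 /mnt/tank ext4 rw,nofail 0 0
EOF
fstab_lint "$sample" || echo "fix the entries above before running mount -a"
rm -f "$sample"
```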
    156 
    157 * **Edit 2022-03-08:** Added block storage instructions
    158 * **Edit 2022-06-28:** Added sda1 mount fix